Malware Infects Supervalu, Albertson’s Stores Once Again

Less than two months after Supervalu confirmed its payment processing system had been intruded, the nationwide supermarket chain announced the possibility of yet another breach in late August or early September.

The Minnesota-based company reported on Monday that it had recently discovered different malware installed in its network, affecting payment information processed from some of its owned and franchised stores, including Shop ‘n Save, Shoppers Food & Pharmacy and Cub Foods, as well as associated stand-alone liquor stores.

Additionally, the potential breach would also affect certain locations of the Albertson’s, Acme, Jewel-Osco, Shaw’s and Star Market stores—Supervalu sold these grocery chains in 2013 but continues to provide their information technology services.

The company stated in a press release it believes the incident is separate from the intrusion announced mid-August, adding its enhanced protective technology significantly mitigated damage from the intrusion:

“Although the investigation is ongoing, Supervalu believes that this malware did not succeed in capturing data from any payment cards used at any stores other than at some checkout lanes at four Cub Foods franchised stores. . .”

However, no determination has been made that any cardholder data was in fact stolen by the intruder. The malware was not installed at, and did not affect, any of its Farm Fresh, Hornbacher, Save-A-Lot stores, or any independent grocery stores supplied by Supervalu.

Sam Duncan, Supervalu President and CEO, said the company plans to bolster its security investments going forward.